Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - BIOS Rootkit Implant To Debut at CanSecWest->

Submitted by msm1267
msm1267 (2804139) writes "Research on new BIOS vulnerabilities and a working rootkit implant will be presented on Friday at the annual CanSecWest security conference. An attacker with existing remote access on a compromised computer can use the implant to turn down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed.

The devious part of the exploit is that the researchers have found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure and privacy focused operating systems such as Tails in the line of fire of the implant.

Their implant, the researchers said, is able to scrape the secret PGP key Tails uses for encrypted communication, for example. It can also steal passwords and encrypted communication. The implant survives OS re-installation and even Tails’ built-in protections, including its capability of wiping RAM."

Link to Original Source

+ - In 1998, I told the major labels to create their own iTunes. They laughed at me.->

Submitted by journovampire
journovampire (1284988) writes ""I started to believe that there a simple solution of how record companies could take back some control as the internet age dawned: let’s make... a digital download store owned by all of the major labels, with some independent equity if we can manage it, that can service the market just as we do successfully in the physical world. I brought the idea to the NVPI and raised it. The first response was laughter. Lots of laughter.""
Link to Original Source

+ - Is 10 Years in Jail the Answer to Online Pirates?->

Submitted by Anonymous Coward
An anonymous reader writes "Physical counterfeiters can receive up to 10 years in jail under UK copyright law but should online pirates receive the same maximum punishment? A new report commissioned by the government reveals that many major rightsholders believe they should, but will that have the desired effect?

A new study commissioned by the UK Intellectual Property Office (IPO) examines whether the criminal sanctions for copyright infringement available under the Copyright, Designs and Patents Act 1988 (CDPA 1988) are currently proportionate and correct, or whether they should be amended.

While the Digital Economy Act 2010 increased financial penalties up to a maximum of £50,000, in broad terms the main ‘offline’ copyright offenses carry sentences of up to 10 years in jail while those carried out online carry a maximum of ‘just’ two."

Link to Original Source

+ - Raising tax revenue in California from Medical Cannabis Sales->

Submitted by bobmerly
bobmerly (4013053) writes "With the latest in Cannabis News, Colorado, the first state to legalize marijuana, has shown other doubting states that this new industry – allowing for medical marijuana and casual Pot use provides an added additional source of medical supply and revenue. State governments should be interested because medical cannabis can help with national development through income obtained from taxation. Since Colorado made that epic move it has taken in $53 million in tax revenue. California can look to redeem similar benefits if it makes the step into the marijuana industry."
Link to Original Source

+ - How Does One Verify Hard Drive Firmware? 1

Submitted by Anonymous Coward
An anonymous reader writes "In light of recent revelations from Kaspersky Labs about the Equation Group and persistent hard drive malware, I was curious about how easy it might be to verify my own system's drives to see if they were infected. I have no real reason to think they would be, but I was dismayed by the total lack of tools to independently verify such a thing. For instance, Seagate's firmware download pages provide files with no external hash, something Linux distributions do for all of their packages. Neither do they seem to provide a utility to read off the current firmware from a drive and verify its integrity.

Are there any utilities to do such a thing? Why don't these companies provide such a thing to users? Has anyone compiled and posted a public list of known-good firmware hashes for the major hard drive vendors and models? This seems to be a critical hole in PC security.

I did contact Seagate support asking for hashes of their latest firmware; I got a response stating that '...If you download the firmware directly from our website there is no risk on the file be tampered with." [their phrasing, not mine]. Methinks somebody hasn't been keeping up with world events lately."

+ - Ask Slashdot: parental content control for free OSs?

Submitted by m.alessandrini
m.alessandrini (1587467) writes "Children grow up, and inevitably they will start using internet and social networks, both for educational and recreational purposes. And it won't take long to them to learn to be autonomous, especially with all the smartphones and tablets around and your limited time.
Unlike the years of my youth, when internet started to enter our lives gradually, now I'm afraid of the amount of inappropriate contents a child can be exposed to unprepared: porn, scammers, cyberbullies or worse, are just a click away.
For Windows many solutions claim to exist, usually in form of massive antivirus suites. What about GNU/Linux? Or Android? Several solutions rely on setting up a proxy with a whitelist of sites, or similar, but I'm afraid this approach can make internet unusable, or otherwise be easy to bypass. Have you any experiences or suggestions? Do you think software solutions are only a part of the solution, provided children can learn hacking tricks better than us, and if so, what other "human" techniques are most effective?"

+ - ORNL 3D Prints Working Shelby Cobra Replica — President Obama Approves->

Submitted by ErnieKey
ErnieKey (3766427) writes "In 2014, we saw the first 3D printed car by a company called Local Motors. Already in 2015, we have seen this company one-upped by Oak Ridge National Laboratory. They have 3D printed a working Shelby Cobra replica, which looks and feels like the real thing. On top of this "the vehicle turned out to be half the weight, and three times as strong as the original Shelby Cobra, with increased performance and safety." President Obama and VP Joe Biden got the first look and they approved."
Link to Original Source

+ - Peer-reviewed Study: MS Word is Superior to LaTeX

Submitted by Anonymous Coward
An anonymous reader writes "A study recently published in PLOS ONE has compared MS Word to LaTeX and demonstrated that "...LaTeX users were slower than Word users, wrote less text in the same amount of time, and produced more typesetting, orthographical, grammatical, and formatting errors. On most measures, expert LaTeX users performed even worse than novice Word users... We conclude that even experienced LaTeX users may suffer a loss in productivity when LaTeX is used, relative to other document preparation systems. Individuals, institutions, and journals should carefully consider the ramifications of this finding when choosing document preparation strategies, or requiring them of authors."
http://www.plosone.org/article...

Slashdot readers may also be interested in reading post-publication responses to the paper on PubPeer:
https://pubpeer.com/publicatio..."

+ - Doppler radar used by police to determine home occupancy->

Submitted by schwit1
schwit1 (797399) writes "http://pdfserver.amlaw.com/nlj...

"... Separately and as we alluded to earlier, the government brought with it a
Doppler radar device capable of detecting from outside the home the presence of
“human breathing and movement within.” All this packed into a hand-held unit
“about 10 inches by 4 inches wide, 10 inches long.” The government admits that
it used the radar before entering — and that the device registered someone’s
presence inside. It’s obvious to us and everyone else in this case that the
government’s warrantless use of such a powerful tool to search inside homes
poses grave Fourth Amendment questions. New technologies bring with them not
only new opportunities for law enforcement to catch criminals but also new risks
for abuse and new ways to invade constitutional rights. See, e.g., Kyllo v. United
States, 533 U.S. 27, 33-35 (2001) (holding that using warrantless thermal imaging
to show activity inside a home violated the Fourth Amendment). Unlawful
searches can give rise not only to civil claims but may require the suppression of
evidence in criminal proceedings. We have little doubt that the radar device
deployed here will soon generate many questions for this court and others along
both of these axes."

Link to Original Source

How can you work when the system's so crowded?

Working...